Fraud Detection & Prevention

Sheep: A $110 Million Raid & 96,000 Stolen Bitcoins…

At the start of the month word began to spread of the biggest online robbery of all time. As the dust settles, we take a look at how crowbars and balaclavas have moved online leaving global drug dealers fearing for their lives…

On October 2nd this year the original Silk Road Market Place was shut down by the FBI and thousands of (nefarious) online customers and vendors were forced to track down a viable alternative. Enter the fledgling Sheep Marketplace, with its slicker interface, decent search function and barely any downtime during the Silk Road seizure… it seemed the perfect choice over more established sites such as Black Market Reloaded.

From there things took off quickly, and this site saw some of its more illicit listings (read drugs) increase by over 400% in just two weeks following the Silk Road Closure. However, this black market heyday wasn’t destined to last, because after operating a reasonably glitch free service until the start of December… Sheep Market suddenly shut up shop vanishing around $110 million in Bitcoins in the process.

Gangstas Chased on Reddit

The chase is now on: rewards are being offered for information; scammed victims are posting their hard luck stories online, whilst the thief and his loot are apparently being pursued around the internet by a couple of savvy Reddit users.

Pages and topics are being devoted to compiling the latest contact information for the multitudes of displaced sellers. These almost feel like wartime missing person bulletin boards from the 40s, such is the urgency. Yet the underlying message is very clear: when dealing in the black market, theft, fraud and unforeseen circumstances are a way of life and have to be factored into the risk of doing business.

The whole story has the essence of the old west meets cyberspace. It has miners, robbers, lawmen operating outside the law, gangsters, legitimate business folk, investors, black market racketeers, traders… and people just trying to make a living. 200 years ago, people were blowing bank doors open to rob gold, 100 years ago they were doing the same thing to rob cash. Now there are computer hackers… and online currencies like Bitcoin.

Robbed by Vendor EBOOK101

Sheep Marketplace itself had been operating successfully since around February 2013. And things only began to go awry during the last couple of weeks of November when users were no longer able to withdraw money from their accounts… but were still able to deposit. At first people blamed the glitch on an automated tumbler (using one is a bit like laundering your money; as whilst all Bitcoin transactions are anonymous, they are still public), but after the specified  time frame for the return of funds passed, the following message was placed on Sheep:

“Sheep is down. We are sorry to say, but we were robbed on Saturday 11/21/13 by vendor EBOOK101. This vendor fund bug in system and stole 5400 BTC – your money, our provisions, all was stolen. We were trying to resolve this problem, but were not successful. We are sorry for your problems and inconvenience, all of current BTC will be distributed to users, who have filled correct BTC emergency address. I would like to thank to all SheepMarketplace moderators by this, who were helping with this problem. I am very sorry for this situation. Thank you all.”

A couple of days later Sheep Market Scam – a plain text page sprang up – with equally horrendous spelling – but with real time information about the on-going scam. It seems shortly before the robbery, a number of vendors were offering huge discounts, bulk buys and new products that they’d never sold before. It all had the air of a giant pyramid scheme, with Sheep Marketplace trying to suck as much money into their coffers as possible.

“I owe $90K to some very nasty people…”

It was around this time that the panic set in. One vendor going by the name u/FearingForMyLife wrote “I am a large vendor on Sheep Marketplace, or I was until recently. I sold hard drugs in reasonably large quantities. I have around $90k locked up in the site. I owe some money to some very nasty people. I have until Monday evening. They have already threatened me with death. I have no doubt that they have killed before...I am 26 and I don't want to die.”

At this point, ‘Internet detectives’ from around the web were hunting for the missing coins; something made possible by the fact that all transactions are public. Two Reddit users in particular, TheNodManOut and Sheeproadreloaded2 were quick to identify a large stack of coins that had been transferred out of the Sheep Marketplace.

By attaching tiny fractions of BTC, 0.00666 onto the pile of coins, Sheeproadreloaded2 was able to track where those transactions went next. By sending another ‘666’ every time the money landed in a different wallet he was able to keep on watching the money, posting the blockchain information on various websites, along with a selection of colourful quotes:

“I hope you appreciate what i just did for us. I'm not entirely sure, but I don't think anybody has beaten a tumbler before today. Its like running a marathon through fog, listening for the footsteps of other runners. It helps if there are 96,000 of them, though! The FBI only got 29,000 of our coins. This guy is good, but he's on his last legs. If he can sell a single bitcoin, I'll be surprised.”

The 29,000 coins he refers to is the seizure from the original Silk Road earlier in the year. Of course many people would not technically class this as theft, but the levels of banditry involving Bitcoins since their inception has been exceptional. Even if these stories hardly ever make the papers, and nobody has ever been charged with any crime.

Historical Bitcoin Crimes

A list of major Bitcoin heists has been compiled by bitcointalk which revealed that hundreds of thousands have been stolen. Some of the more recent highlights include: a Chinese Bitcoin exchange that went down taking $4.1 million of its customers’ cash, the US exchange Bitfloor being hacked out of 24,000 coins. Along with an 18-year-old Australian who ran an exchange service called Tradefortress and was apparently relieved of $1 million of his customers Bitcoins by hackers just a few weeks ago.

Theft will always be a problem when handling large volumes of money.  The spotlight may have increasingly turned on Bitcoin over the last 12 months, but this story is far less to do with Bitcoin than it is to do with the way the world is gradually moving online. Perhaps this is the face of all future cash robberies? Only time will tell…


This article was co-written by Kathryn Cave, Editor at IDG Connect and Nick Madden, Group Head of Content at MBI International & Partners


« Box Opens Up, Stretches Out to Reign in Collaboration


Pakistan Sees Growth and Answer to Unemployment in ICT »


Do you think your smartphone is making you a workaholic?